Commit | Line | Data |
---|---|---|
582df349 BA |
1 | // AJAX methods to get, create, update or delete a user |
2 | ||
8d7e2786 BA |
3 | var router = require("express").Router(); |
4 | var UserModel = require('../models/User'); | |
0bd5933d | 5 | var sendEmail = require('../utils/mailer'); |
badeb466 | 6 | var genToken = require("../utils/tokenGenerator"); |
8d7e2786 | 7 | var access = require("../utils/access"); |
0bd5933d | 8 | var params = require("../config/parameters"); |
8d7e2786 | 9 | |
c018b304 | 10 | // to: object user (to who we send an email) |
8d7e2786 BA |
11 | function setAndSendLoginToken(subject, to, res) |
12 | { | |
13 | // Set login token and send welcome(back) email with auth link | |
badeb466 | 14 | const token = genToken(params.token.length); |
c018b304 BA |
15 | UserModel.setLoginToken(token, to.id, err => { |
16 | if (!!err) | |
17 | return res.json({errmsg: err.toString()}); | |
18 | const body = | |
19 | "Hello " + to.name + "!\n" + | |
20 | "Access your account here: " + | |
1aeed627 | 21 | params.siteURL + "/#/authenticate/" + token + "\\n" + |
c018b304 BA |
22 | "Token will expire in " + params.token.expire/(1000*60) + " minutes." |
23 | sendEmail(params.mail.noreply, to.email, subject, body, err => { | |
f05815d7 | 24 | // "id" is generally the only info missing on client side, |
625022fd BA |
25 | // but the name is also unknown if log-in with the email. |
26 | res.json(err || {id: to.id, name: to.name}); | |
8d7e2786 BA |
27 | }); |
28 | }); | |
29 | } | |
30 | ||
8d7e2786 | 31 | router.post('/register', access.unlogged, access.ajax, (req,res) => { |
8a477a7e BA |
32 | const name = req.body.name; |
33 | const email = req.body.email; | |
34 | const notify = !!req.body.notify; | |
98db2082 | 35 | const error = UserModel.checkNameEmail({name: name, email: email}); |
8a477a7e | 36 | if (!!error) |
8d7e2786 | 37 | return res.json({errmsg: error}); |
c018b304 BA |
38 | UserModel.create(name, email, notify, (err,uid) => { |
39 | if (!!err) | |
40 | return res.json({errmsg: err.toString()}); | |
41 | const user = { | |
42 | id: uid["rowid"], | |
43 | name: name, | |
44 | email: email, | |
45 | }; | |
46 | setAndSendLoginToken("Welcome to " + params.siteURL, user, res); | |
8d7e2786 BA |
47 | }); |
48 | }); | |
49 | ||
8a477a7e BA |
50 | router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => { |
51 | const nameOrEmail = decodeURIComponent(req.query.nameOrEmail); | |
52 | const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name"); | |
98db2082 | 53 | const error = UserModel.checkNameEmail({[type]: nameOrEmail}); |
8a477a7e | 54 | if (!!error) |
8d7e2786 | 55 | return res.json({errmsg: error}); |
8a477a7e | 56 | UserModel.getOne(type, nameOrEmail, (err,user) => { |
8d7e2786 BA |
57 | access.checkRequest(res, err, user, "Unknown user", () => { |
58 | setAndSendLoginToken("Token for " + params.siteURL, user, res); | |
59 | }); | |
60 | }); | |
61 | }); | |
62 | ||
1aeed627 BA |
63 | router.get('/authenticate', access.unlogged, access.ajax, (req,res) => { |
64 | UserModel.getOne("loginToken", req.query.token, (err,user) => { | |
8d7e2786 | 65 | access.checkRequest(res, err, user, "Invalid token", () => { |
8d7e2786 | 66 | // If token older than params.tokenExpire, do nothing |
0bd5933d | 67 | if (Date.now() > user.loginTime + params.token.expire) |
8d7e2786 | 68 | return res.json({errmsg: "Token expired"}); |
0bd5933d | 69 | // Generate session token (if not exists) + destroy login token |
c018b304 | 70 | UserModel.trySetSessionToken(user.id, (err,token) => { |
8d7e2786 | 71 | if (!!err) |
c018b304 | 72 | return res.json({errmsg: err.toString()}); |
8d7e2786 BA |
73 | // Set cookie |
74 | res.cookie("token", token, { | |
75 | httpOnly: true, | |
c018b304 BA |
76 | secure: !!params.siteURL.match(/^https/), |
77 | maxAge: params.cookieExpire, | |
8d7e2786 | 78 | }); |
1aeed627 | 79 | res.json({name:user.name, id:user.id}); |
8d7e2786 BA |
80 | }); |
81 | }); | |
82 | }); | |
83 | }); | |
84 | ||
c018b304 BA |
85 | router.put('/update', access.logged, access.ajax, (req,res) => { |
86 | const name = req.body.name; | |
87 | const email = req.body.email; | |
98db2082 | 88 | const error = UserModel.checkNameEmail({name: name, email: email}); |
8a477a7e BA |
89 | if (!!error) |
90 | return res.json({errmsg: error}); | |
c018b304 BA |
91 | const user = { |
92 | id: req.userId, | |
93 | name: name, | |
94 | email: email, | |
95 | notify: !!req.body.notify, | |
96 | }; | |
97 | UserModel.updateSettings(user, err => { | |
98 | res.json(err ? {errmsg: err.toString()} : {}); | |
8d7e2786 BA |
99 | }); |
100 | }); | |
101 | ||
1aeed627 | 102 | router.get('/logout', access.logged, access.ajax, (req,res) => { |
0bd5933d | 103 | res.clearCookie("token"); |
1aeed627 | 104 | res.json({}); |
8d7e2786 BA |
105 | }); |
106 | ||
107 | module.exports = router; |